US20060274645A1 - Methods and apparatus for error recovery in opaque networks using encrypted error locations - Google Patents

Methods and apparatus for error recovery in opaque networks using encrypted error locations Download PDF

Info

Publication number
US20060274645A1
US20060274645A1 US11/146,520 US14652005A US2006274645A1 US 20060274645 A1 US20060274645 A1 US 20060274645A1 US 14652005 A US14652005 A US 14652005A US 2006274645 A1 US2006274645 A1 US 2006274645A1
Authority
US
United States
Prior art keywords
network
path
sub
failure
establishment message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US11/146,520
Inventor
Richard Bradford
Jean-Philippe Vasseur
James Guichard
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Cisco Technology Inc
Original Assignee
Cisco Technology Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Cisco Technology Inc filed Critical Cisco Technology Inc
Priority to US11/146,520 priority Critical patent/US20060274645A1/en
Assigned to CISCO TECHNOLOGY, INC. reassignment CISCO TECHNOLOGY, INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: BRADFORD, RICHARD, GUICHARD, JAMES, VASSEUR, JEAN PHILIPPE
Priority to PCT/US2006/022130 priority patent/WO2006133301A2/en
Priority to EP06784637.8A priority patent/EP1889403B1/en
Publication of US20060274645A1 publication Critical patent/US20060274645A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/28Routing or path finding of packets in data switching networks using route fault recovery
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06Management of faults, events, alarms or notifications
    • H04L41/0677Localisation of faults
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/12Discovery or management of network topologies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/02Topology update or discovery
    • H04L45/04Interdomain routing, e.g. hierarchical routing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/02Topology update or discovery
    • H04L45/10Routing in connection-oriented networks, e.g. X.25 or ATM
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/22Alternate routing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks

Definitions

  • data for an end-to-end network connection may be carried through two or more separate provider networks, each being owned and/or operated by a separate communications carrier.
  • a communications subscriber's data may travel through separate provider networks operated by AT&T and MCI.
  • Such separate provider networks, or sub-networks as referred to herein, are capable of inter-operating in certain ways thanks to widely observed standards.
  • each provider network is managed substantially independently, and information about the internal structure of each provider network is generally guarded with great care for reasons of business security and confidentiality.
  • the sub-network operators expose the minimum information about network internals that is necessary to comply with pertinent interface standards. Networks including such separate sub-networks are herein termed “heterogeneous networks”.
  • the sub-networks themselves may be referred to as “opaque” networks due to the very limited information about the network internals that are available or “visible” outside the sub-networks.
  • MPLS Multi-Protocol Label Switching
  • LSPs label-switched paths
  • MPLS can be used in conjunction with signaling protocols such as Resource Reservation Protocol with Traffic Engineering extensions (RSVP-TE), which provides mechanisms for establishing, maintaining, and tearing down LSPs (which are also referred to herein as TE LSPs for “Traffic Engineering Label Switched Paths”).
  • RSVP-TE Resource Reservation Protocol with Traffic Engineering extensions
  • TE LSPs for “Traffic Engineering Label Switched Paths”.
  • GMPLS Generalized MPLS or GMPLS.
  • RSVP-TE RSVP-TE
  • a network device that detects a failure to generate a Path Error message that identifies the location of the failure, and to send the Path Error message to a path-originating device that is responsible for maintaining the path.
  • the path-originating device can respond to the Path Error message by attempting to set up a new communications path to replace the original path, which will in many cases have been torn down automatically upon occurrence of the failure.
  • the path-originating device may specify that the new path should avoid the location of the failure.
  • NNI network-to-network interface
  • UNI user-to-network interface
  • An error message sent from one subnetwork to another may include no information in the pertinent fields, or may include an identification of only the edge-most device in the sub-network, in order to minimize the exposure of internal sub-network information as discussed above. More specific information about the location of a failure stays within the sub-network in which the failure occurred. From the perspective of external devices, such as those of a customer or another network provider on the other side of a UNI or NNI interface, there is little or no information about the specific location of the failure.
  • One shortcoming of the above-described operation of heterogeneous networks is the inability of devices outside a sub-network containing a failure to make the best routing decisions for new communications paths to be established in response to the failure, due to the lack of detailed information about the location of the failure. Based on the limited information it has, an external device such as a path-originator may be forced to use a relatively expensive alternative path, or may erroneously conclude that no alternative path exists, when in fact the sub-network with the failure may itself be capable of providing part of a more attractive alternative path. Additionally, because of the lack of detailed failure information, logging errors at the external device is incomplete, and diagnosing problems in the heterogeneous network can be adversely affected. In some networks, third-party network managers are utilized to provide network management services across multiple provider networks of a heterogeneous network, and the operation of these networks can also be adversely affected by the lack of detailed failure information outside of each provider network.
  • methods and apparatus are disclosed for error recovery in heterogeneous networks in which it is desired to maintain the confidentiality of information about the internal structure and/or operation of sub-networks.
  • methods and apparatus are disclosed for establishing a new communications path between two end devices in a computer network in response to failure of a previously established communications path between the two end devices, when the failure occurs in a sub-network at a failure location whose identity is not to be revealed to an external device outside the sub-network that is responsible for maintaining communications between the two end devices.
  • the external device is signaled that the failure has occurred by a device within the sub-network having the failure, such as by a router adjacent to a failed communications link.
  • the signaling includes an encoded identifier of the failure location that enables identification of the failure location within the sub-network while masking the identity of the failure location to the external device.
  • the failure location information is encrypted into an encrypted sub-object within a signaling message.
  • the signaling message includes a token that is associated with the failure location information, which remains stored within the sub-network.
  • the external device issues a path-establishment message for the new communications path.
  • the path-establishment message indicates that the new communications path should exclude the failure location as identified by the encoded identifier, which is included in the path-establishment message.
  • the encrypted sub-object is included as a corresponding sub-object of the path-establishment message.
  • the token approach is utilized, the token is included in the path-establishment message.
  • a device within the sub-network responds to the path-establishment message by determining whether a path segment for the new communications path can be provided through the sub-network while excluding the failure location as identified by the encoded identifier from the path-establishment message. This may involve decrypting the encrypted sub-object or retrieving stored failure location information based on the token included in the path-establishment message. Based on whether such a path segment can be provided, the device then proceeds accordingly with the path setup operation.
  • the external device is able to more precisely specify a failure location to be avoided when a new communications path is being set up, and can therefore avoid the above-discussed problems that arise from the lack of detailed failure location information.
  • the detailed information about the failure location is encoded so as to be unavailable outside the sub-network, thus preserving such information in confidence as may be desired by network providers.
  • FIG. 1 is a block diagram of a heterogeneous network in accordance with the present invention.
  • FIG. 2 is a diagram of the network of FIG. 1 omitting internal structure of separate sub-networks, reflecting the information that is available outside the sub-networks;
  • FIG. 3 is a flow diagram of a process by which the network of FIG. 1 creates a new communications path in response to a failure on an existing communications path;
  • FIG. 4 is a diagram of the network of FIG. 1 illustrating the flow of messages resulting from the process of FIG. 3 ;
  • FIG. 5 is a diagram of a path error message with a private error location sub-object utilized in the process of FIG. 3 ;
  • FIG. 6 is a diagram of a path setup message with a private exclude location sub-object utilized in the process of FIG. 3 ;
  • FIG. 7 is a diagram illustrating a flow of messaging like that of FIG. 4 but using a token as an encoded identifier of failure location information
  • FIG. 8 is a diagram of a network like that of FIG. 1 and including a third-party network manager.
  • FIG. 1 shows a simplified example of a heterogeneous network 10 providing communications between two endpoint networks 12 - 1 and 12 - 2 .
  • each endpoint network 12 is a respective edge device 14 ( 14 - 1 and 14 - 2 ) which is typically a switch or router providing ingress and/or egress routing of communications to/from the respective endpoint network 12 .
  • the heterogeneous network 10 includes a plurality of provider networks 16 ( 16 - 1 , 16 - 2 and 16 - 3 ), which are also referred to herein as “sub-networks”.
  • the provider networks 16 are operated independently, such as by different communications carriers.
  • the provider networks 16 - 1 , 16 - 2 and 16 - 3 might be operated by separate carriers such as AT&T, Sprint and MCI respectively.
  • Each provider network 16 includes a plurality of switches or routers 18 ( 18 - 11 , 18 - 12 and 18 - 21 though 18 - 24 ), which may be IP routers or optical or time-division-multiplex (TDM) switches. Such devices are referred to generally herein as “routers”.
  • the routers 18 are responsible for establishing and maintaining communications paths for the transfer of data among endpoint devices such as the edge devices 14 of the endpoint networks 12 .
  • the routers 18 are so-called “label switched routers” (LSRs) that utilize a switching technology referred to as Multi-Protocol Label Switching (MPLS) or Generalized Multi-Protocol Label Switching (GMPLS).
  • LSRs label switched routers
  • MPLS Multi-Protocol Label Switching
  • GPLS Generalized Multi-Protocol Label Switching
  • TE LSPs traffic engineering label-switched paths
  • Each router 18 uses a label contained within each received communications message to retrieve a corresponding entry from its forwarding table that indicates which port of the router the message should be forwarded on.
  • Each entry generally also includes another label that is used in the outgoing message in place of the label received with the incoming message. The functions of consulting the local forwarding table and forwarding the message accordingly are repeated at each router 18 to realize each communications path that has been established.
  • RSVP-TE Resource Reservation Protocol with Traffic Extensions
  • RSVP-TE includes mechanisms for establishing and tearing down end-to-end communications paths.
  • An endpoint such as an edge device 14 initiates the establishment of an end-to-end communications paths using known RSVP-TE signaling techniques.
  • RSVP-TE signaling generally propagates hop-by-hop among routers 18 in the direction of the destination endpoint. For example, in the simplified example of FIG.
  • the initial RSVP-TE signaling for establishing a communications path between the edge devices 14 - 1 and 14 - 2 may be initiated by edge device 14 - 1 and proceed to routers 18 - 11 , 18 - 12 , 18 - 21 , 18 - 22 and 18 - 24 sequentially before reaching edge device 14 - 2 .
  • RSVP-TE acknowledgments and response messages flow backwards along the same path to the edge device 14 - 1 .
  • RSVP-TE is utilized as the signaling protocol, it is to be understood that RSVP-TE is provided as an illustrative example only and that in alternative embodiments other communication protocols may be used for the functions described herein, including the signaling of network failures as described below.
  • FIG. 1 illustrates an operating condition in which a failure 20 has developed along a communications path 22 previously established between the edge devices 14 .
  • the failure 20 may be any of a variety of failure types that prevent normal communications between the routers 18 - 22 and 18 - 24 .
  • Common failures include failure of a hardware interface device on one of the routers 18 - 22 or 18 - 24 and failure of the inter-router communications link such as occurs when a cable is severed or accidentally disconnected.
  • routers 18 adjacent to the failure 20 detect the presence of the failure 20 and take actions to notify other devices in the network so that (1) any communications paths that are affected by the failure 20 can be re-routed if possible to restore communications, and (2) new communications paths avoid the failure 20 .
  • Many network routing protocols already provide for failure location information to be “flooded” so as to become known by all routing devices in the network for these purposes. Unfortunately, normal flooding mechanisms may be too slow. The requests for new paths may be re-tried several times while the information about the failure 20 is flooded throughout the network. If this mechanism is the only one relied upon for restoring communications, customers' communications may experience unacceptably long downtime.
  • a router 18 may initiate the tearing down of a communications path along which a failure such as failure 20 has occurred.
  • a tearing down might be initiated, for example, by routers 18 - 22 and 18 - 24 which are adjacent to the failure 20 .
  • the router 18 - 22 may create an RSVP-TE Path Error message and return it along the communications path 22 to the path originator (i.e., edge device 14 - 1 in the illustrated example).
  • the RVSP Path Error message includes a set of data referred to as an ErrorSpec object that includes various information concerning the failure 20 , such as the nature of the failure 20 and its location.
  • the location may be specified, for example, by the network address of the router 18 - 22 and an identifier of the specific port on the router 18 - 22 connected to the communications link containing the failure 20 .
  • the purpose of the Path Error message is to quickly notify the path originator that a previously established MPLS communications path is no longer available. The path originator then has the opportunity to attempt to establish a new communications path so as to minimize the duration of the outage from the customer's perspective. Because of the directness of this signaling of failure information, recovery from the failure can usually be achieved more quickly than when the above-described flooding mechanism is relied upon.
  • FIG. 1 shows all the routers 18 along the communications path 22 between the edge devices 14 .
  • RSVP-TE operation reflects the same level of detail, i.e., each router 18 along a communications path may be informed via an RSVP-TE Path Error message of the precise location of a failure elsewhere in the network, even if it resides within a sub-network 16 operated by a different carrier.
  • this relatively open aspect of RSVP-TE is inconsistent with the desire of communications carriers to avoid revealing the structure of their respective provider networks 16 to competitors or other untrusted entities.
  • the carrier operating provider network 16 - 2 may not wish to reveal the existence and connectivity of the router 18 - 22 that is adjacent to the failure 20 .
  • the ErrorSpec object may identify a port of the egress router 18 - 21 as the failure location. This indication is accurate in a very general way—the failure 20 is in fact located at a point on the communications path 22 that is reached via the router 18 - 21 . However, such an indication hides the internal details of the provider network 16 - 2 from the router 18 - 12 (of provider network 16 - 1 ) and other devices outside the provider network 16 - 2 .
  • FIG. 2 illustrates a view of the heterogeneous network 10 when the internal details of the sub-networks 16 are omitted. Dotted lines are used to indicate connections that are apparent at this level.
  • This view of the network is that which results from the above-described limitation on information transfer across the provider networks 16 .
  • the edge device 14 - 1 sees only respective edge devices of the various provider networks 16 - 1 , 16 - 2 and 16 - 3 (e.g., routers 18 - 11 and 18 - 21 as shown). With respect to the failure 20 , the edge device 14 - 1 knows only that it lies on the far side of router 18 - 21 , somewhere between that router and the edge device 14 - 2 . In some cases, visibility of routers located at domain exits may also be provided.
  • any error logging performed by the edge device 14 - 1 will lack important detail about the locations of failures in the network, rendering the logs much less useful for later use in diagnosing network problems.
  • the path-originating edge device 14 - 1 may opt to completely bypass that provider network on a subsequent attempt to establish a new communications path.
  • the edge device 14 - 1 may opt to route the new path through the sub-network 16 - 3 .
  • Such an approach would be logical if the failure 20 actually occurred immediately adjacent to the router 18 - 21 , as is indicated by the Path Error message.
  • FIG. 3 illustrates a process carried out in the heterogeneous network 10 by which a new communications path is established between the two devices in response to the failure of an original communications path.
  • This process can be executed, for example, in the heterogeneous network 10 of FIG. 1 in response to the failure 20 along the communications path 22 between the edge devices 14 .
  • this process involves signaling the failure to the originating edge device (e.g. edge device 14 - 1 ) in a way that prevents devices outside the provider network 16 - 2 from obtaining information about the location of the failure 20 within the provider network 16 - 2 .
  • the originating edge device e.g. edge device 14 - 1
  • the failure information is utilized in connection with a subsequent new path setup operation by which a replacement communications path may be routed through the same provider network 16 - 2 if desired, while avoiding the location of the failure 20 .
  • the originating device is referred to as the “external device” because it resides outside the sub-network (e.g. provider network 16 - 2 ) in which the failure is detected.
  • the occurrence of the failure is signaled to the external device.
  • This signaling might be initiated, for example, by a router adjacent to the failure such as the router 18 - 22 in FIG. 1 .
  • the signaling message includes an encoded identifier of the failure location.
  • the encoded identifier enables the failure location to be identified within the sub-network where the failure occurred (e.g., within provider network 16 - 2 ) but masks the identity of the failure location to the external device. Examples of such encoded identifiers include encrypted data objects and “tokens” as described in more detail below.
  • the external device that receives the failure signaling (e.g. edge device 14 - 1 ) issues a new path-establishment message for a new communications path.
  • the path-establishment message indicates that the new communications path should exclude the failure location, as identified by the encoded identifier which is included with the path-establishment message.
  • Mechanisms for providing such indications in the context of RSVP-TE in particular are described below.
  • This path-establishment message can be sent into the sub-network containing the failure on the possibility that an alternative path through the sub-network can be created.
  • a device within the sub-network containing the failure responds to the path-establishment message by determining whether a path segment through the sub-network can be provided that excludes the failure location as identified by the encoded identifier in the path-establishment message.
  • this step includes decrypting the encrypted identifier of the failure location, and then performing normal path-computation operations with the constraint of excluding the identified failure location. This operation may be carried out, for example, by an edge router such as the router 18 - 21 . The remainder of the normal path setup process then ensues with respect to the new communications path.
  • FIG. 4 shows the flow of the RSVP-TE messages, with the Path Error messages 30 indicated by white arrows and the Path Setup messages 32 being indicated by dark arrows.
  • the Path Error messages 30 originate at router 18 - 22 and proceed toward the edge device 14 - 1 .
  • the Path Setup messages 32 originate at the edge device 14 - 1 and proceed to the other edge device 14 - 2 , passing through routers 18 - 21 , 18 - 23 and 18 - 24 and bypassing router 18 - 22 (and failure 20 ) in provider network 16 - 2 .
  • each Path Error message may include an ErrorSpec object that is used to provide information about the location of the failure.
  • the ErrorSpec object will normally be used to hold the address of the edge router of the sub-network where the failure occurred (e.g. router 18 - 21 ) as described above.
  • an extension is proposed for RSVP-TE by which the Path Error message includes a “private error location” sub-object that includes the encoded identifier of the actual failure location within the sub-network.
  • FIG. 5 illustrates an RSVP-TE Path Error message 30 with the proposed extension.
  • the message is identified with a Path Error message type 34 .
  • the message may contain one or more objects 36 that provide information about the failure. Included among these objects 36 is the above-referenced ErrorSpec object 38 .
  • a Private Error Location sub-object 40 is included as part of the ErrorSpec object 38 .
  • the Private Error Location sub-object 40 contains an encoded identifier of the failure location 20 , such as by node address or path segment identifier. The encoding is done in a manner known within the provider network 16 - 2 but generally not known outside the provider network 16 - 2 .
  • the failure location information may be encrypted using any of a variety of known encryption techniques, including for example the Advanced Encryption Standard (AES) and Data Encryption Standard (DES), both promulgated by the National Institute of Standards and Technology.
  • AES Advanced Encryption Standard
  • DES Data Encryption Standard
  • Only devices within the provider network 16 - 2 are configured with keys that are suitable for decrypting the encrypted information.
  • the encrypted Private Error Location sub-object 40 does not reveal any details of the structure of the provider network 16 - 2 when passed outside the provider network 16 - 2 as part of a Path Error message. It is only when the sub-object 40 is sent back into the provider network 16 - 2 as part of a subsequent Path Setup message that the encrypted information can be recovered and utilized.
  • FIG. 6 illustrates an RSVP-TE Path Setup message 32 with a proposed extension to enable the system to make use of the private error location information returned as part of a Path Error message 30 .
  • the message is identified with a Path Setup message type 42 .
  • the message may contain one or more objects 44 including an ExcludeRoute object 46 .
  • a Private Exclude Location sub-object 48 is included as part of the ExcludeRoute object 38 .
  • the Private Exclude Location sub-object 48 contains the same encoded identifier of the failure location 20 that was provided to the path originator (e.g. edge device 14 - 1 ) in a preceding Path Error message 30 , such as described above.
  • this encoded identifier can be decoded and used by routers 18 within the provider network 16 - 2 in making path computations for the new path to be established.
  • the failure location identified in the ExcludeRoute object 46 is used to constrain the path computation to those path segments within the provider network 16 - 2 (if any) that do not include the failure location 20 .
  • the ExcludeRoute object 46 is decrypted using the appropriate decryption key.
  • FIG. 7 illustrates an alternative approach to encoding the error information identifying the failure location 20 .
  • the edge router 18 - 21 creates an error information data object (ERROR INFO) 50 using the information from the internal Path Error message (e.g., from the router 18 - 22 ).
  • This information is stored in association with a token 52 that serves as an arbitrary identifier of the error information data object 50 .
  • the token 52 may be generated in any of a variety of ways, including random generation, selection from a pool, or a hashing/message-digest approach.
  • the token 52 is then included in the Private Error Location sub-object 40 of the Path Error message sent by the router 18 - 21 outside the provide network 16 - 2 .
  • the originating device When the originating device (e.g. router 14 - 1 ) generates a new Path Setup message, it includes the token 52 in the Private Exclude Object 48 .
  • a router 18 within the provider network 16 - 2 that receives the Path Setup message (e.g. router 18 - 21 ) uses the token from the Private Exclude Object 48 to look up the locally stored error information data object 50 , and then uses the failure location information in that object in its path computations for the newly requested path.
  • the Path Setup message for the new communications path may not be received at the same edge router 18 that emitted the Path Error message from the provider network 16 - 2 .
  • this situation is automatically handled correctly as long as the decryption key has been distributed to all routers 18 that might receive the Path Setup message.
  • the token approach of FIG. 7 it is necessary to provide the error information data object 50 and the token 52 to any router 18 that can or actually does receive the Path Setup message.
  • the data may be distributed by a flooding/broadcast process initiated by the router (e.g. router 18 - 21 ) that has created the information.
  • a request/response protocol may be employed such that any router 18 within the provider network 16 - 2 can request the data (i.e., error information data object 50 and token 52 ) from another router, such as router 18 - 21 .
  • a router 18 receiving the Path Setup message with an accompanying token 52 issues a request for the associated error information data object 50 .
  • the requesting router 18 can perform its path computations in a known manner.
  • FIG. 8 illustrates a heterogeneous network 10 ′ in which a third-party network manager 54 is utilized in providing network services to the endpoint networks 12 .
  • the third-party network manager 54 may be trusted by the respective carriers owning/operating the provider networks 16 .
  • each edge router 18 e.g. edge router 18 - 21
  • the third-party network manager 54 can be provided with the information necessary to decode the encoded failure location information in the Path Error messages.
  • the third-party network manager 54 can be provided with a decryption key when the encrypted Private Error Location sub-object 40 is utilized.
  • the error information data object 50 and token 52 are sent to the third-party network manager 54 , either unsolicited or on request as described above with respect to FIG. 7 .
  • the signaling for communications path failures and for new communications paths to be established is described as following generally the same paths as the communications paths themselves, which can be typical in an RSVP-TE environment for example.
  • the signaling may travel different paths or may travel through an entirely separate network that may be dedicated to signaling.
  • any signaling entities can be seen as extensions of and included within their respective sub-networks for purposes of the presently disclosed techniques.
  • a signaling entity that operates on behalf of provider network 16 - 2 will generally have access to the same information and perform the same signaling functions as described above for router 18 - 21 , i.e., generating either an encrypted Private Error Location sub-object 40 or token 52 , decrypting an encrypted Private Exclude Error sub-object 48 , etc.
  • provider network 16 - 2 of FIG. 4 might use another provider network between routers 18 - 22 and 18 - 24 .
  • the network can use the disclosed techniques to provide an error location as an encrypted Private Error Location sub-object.
  • network 16 - 2 can wrap that object within its own Private Error Location sub-object and forward it backward along the LSP as described above.
  • These sub-objects are both returned in a subsequent Path Setup message, and each is recovered by the respective network.
  • the token technique may be utilized in a similar way.

Abstract

In response to a failure within a sub-network of a heterogeneous network, an external device is signaled that the failure has occurred by inclusion of an encoded identifier of the failure location with the signaling. The encoded identifier enables identification of the failure location within the sub-network while masking the identity of the failure location to the external device, and may be realized by using an encrypted sub-object or a token that is associated with the failure location information, which remains stored within the sub-network. The external device responds by issuing a path-establishment message indicating that a new communications path should be established and should exclude the failure location as identified by the encoded identifier, which is included in the path-establishment message. A device within the sub-network responds by determining whether a path segment for the new communications path can be provided while excluding the failure location as identified by the encoded identifier from the path-establishment message, and further path-setup functions are performed based on the determination.

Description

    BACKGROUND
  • In modern data communications, data for an end-to-end network connection may be carried through two or more separate provider networks, each being owned and/or operated by a separate communications carrier. For example, a communications subscriber's data may travel through separate provider networks operated by AT&T and MCI. Such separate provider networks, or sub-networks as referred to herein, are capable of inter-operating in certain ways thanks to widely observed standards. However, each provider network is managed substantially independently, and information about the internal structure of each provider network is generally guarded with great care for reasons of business security and confidentiality. The sub-network operators expose the minimum information about network internals that is necessary to comply with pertinent interface standards. Networks including such separate sub-networks are herein termed “heterogeneous networks”. The sub-networks themselves may be referred to as “opaque” networks due to the very limited information about the network internals that are available or “visible” outside the sub-networks.
  • There is a current trend toward increased use of so-called Multi-Protocol Label Switching (MPLS) techniques in wide-area networks such as the heterogeneous networks described above. MPLS enables the establishment of connections known as “label-switched paths” (LSPs) on which data may be exchanged by endpoint devices, such as switches and routers within endpoint networks for which the heterogeneous network provides wide-area communications. MPLS can be used in conjunction with signaling protocols such as Resource Reservation Protocol with Traffic Engineering extensions (RSVP-TE), which provides mechanisms for establishing, maintaining, and tearing down LSPs (which are also referred to herein as TE LSPs for “Traffic Engineering Label Switched Paths”). A recent variant of MPLS is known as Generalized MPLS or GMPLS.
  • One facet of operation of networks employing MPLS Traffic Engineering and other protocols is the identification and signaling of network failures and support for recovery from such failures. Using RSVP-TE, for example, it is possible for a network device that detects a failure to generate a Path Error message that identifies the location of the failure, and to send the Path Error message to a path-originating device that is responsible for maintaining the path. The path-originating device can respond to the Path Error message by attempting to set up a new communications path to replace the original path, which will in many cases have been torn down automatically upon occurrence of the failure. In a Path Setup message for the new path, the path-originating device may specify that the new path should avoid the location of the failure. Other devices within the network perform path calculations for the new path while observing this constraint as signaled by the path-originating device. Note that in this case the entire path is not computed by the path-originating device (also referred to as the “head-end” LSR (Label Switched Router)) but by several network devices along the path.
  • In heterogeneous networks, the interfaces between sub-networks of different providers, and the interfaces between sub-networks and endpoint (or user) networks, are well-specified in order to promote interoperability. The interface between sub-networks is referred to as a network-to-network interface or NNI, and the interface between a sub-network and an endpoint network is referred to as a user-to-network interface (UNI). One common set of NNI and UNI specifications in use are those promulgated by the Optical Internetworking Forum (OIF). In these specifications, there is a provision for identifying the location of a network failure by using certain messages and appropriate data fields thereof. An error message sent from one subnetwork to another may include no information in the pertinent fields, or may include an identification of only the edge-most device in the sub-network, in order to minimize the exposure of internal sub-network information as discussed above. More specific information about the location of a failure stays within the sub-network in which the failure occurred. From the perspective of external devices, such as those of a customer or another network provider on the other side of a UNI or NNI interface, there is little or no information about the specific location of the failure.
    • SUMMARY
  • One shortcoming of the above-described operation of heterogeneous networks is the inability of devices outside a sub-network containing a failure to make the best routing decisions for new communications paths to be established in response to the failure, due to the lack of detailed information about the location of the failure. Based on the limited information it has, an external device such as a path-originator may be forced to use a relatively expensive alternative path, or may erroneously conclude that no alternative path exists, when in fact the sub-network with the failure may itself be capable of providing part of a more attractive alternative path. Additionally, because of the lack of detailed failure information, logging errors at the external device is incomplete, and diagnosing problems in the heterogeneous network can be adversely affected. In some networks, third-party network managers are utilized to provide network management services across multiple provider networks of a heterogeneous network, and the operation of these networks can also be adversely affected by the lack of detailed failure information outside of each provider network.
  • In accordance with the present invention, methods and apparatus are disclosed for error recovery in heterogeneous networks in which it is desired to maintain the confidentiality of information about the internal structure and/or operation of sub-networks. In particular, methods and apparatus are disclosed for establishing a new communications path between two end devices in a computer network in response to failure of a previously established communications path between the two end devices, when the failure occurs in a sub-network at a failure location whose identity is not to be revealed to an external device outside the sub-network that is responsible for maintaining communications between the two end devices.
  • In response to the failure, the external device is signaled that the failure has occurred by a device within the sub-network having the failure, such as by a router adjacent to a failed communications link. The signaling includes an encoded identifier of the failure location that enables identification of the failure location within the sub-network while masking the identity of the failure location to the external device. In one embodiment, the failure location information is encrypted into an encrypted sub-object within a signaling message. In another embodiment, the signaling message includes a token that is associated with the failure location information, which remains stored within the sub-network.
  • In response to the signaling of the failure, the external device issues a path-establishment message for the new communications path. The path-establishment message indicates that the new communications path should exclude the failure location as identified by the encoded identifier, which is included in the path-establishment message. In the case of an encrypted sub-object, the encrypted sub-object is included as a corresponding sub-object of the path-establishment message. When the token approach is utilized, the token is included in the path-establishment message.
  • A device within the sub-network responds to the path-establishment message by determining whether a path segment for the new communications path can be provided through the sub-network while excluding the failure location as identified by the encoded identifier from the path-establishment message. This may involve decrypting the encrypted sub-object or retrieving stored failure location information based on the token included in the path-establishment message. Based on whether such a path segment can be provided, the device then proceeds accordingly with the path setup operation.
  • By using the encoded identifier, the external device is able to more precisely specify a failure location to be avoided when a new communications path is being set up, and can therefore avoid the above-discussed problems that arise from the lack of detailed failure location information. However, the detailed information about the failure location is encoded so as to be unavailable outside the sub-network, thus preserving such information in confidence as may be desired by network providers.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • The foregoing and other objects, features and advantages of the invention will be apparent from the following description of particular embodiments of the invention, as illustrated in the accompanying drawings in which like reference characters refer to the same parts throughout the different views. The drawings are not necessarily to scale, emphasis instead being placed upon illustrating the principles of the invention.
  • FIG. 1 is a block diagram of a heterogeneous network in accordance with the present invention;
  • FIG. 2 is a diagram of the network of FIG. 1 omitting internal structure of separate sub-networks, reflecting the information that is available outside the sub-networks;
  • FIG. 3 is a flow diagram of a process by which the network of FIG. 1 creates a new communications path in response to a failure on an existing communications path;
  • FIG. 4 is a diagram of the network of FIG. 1 illustrating the flow of messages resulting from the process of FIG. 3;
  • FIG. 5 is a diagram of a path error message with a private error location sub-object utilized in the process of FIG. 3;
  • FIG. 6 is a diagram of a path setup message with a private exclude location sub-object utilized in the process of FIG. 3;
  • FIG. 7 is a diagram illustrating a flow of messaging like that of FIG. 4 but using a token as an encoded identifier of failure location information; and
  • FIG. 8 is a diagram of a network like that of FIG. 1 and including a third-party network manager.
    • DETAILED DESCRIPTION
  • FIG. 1 shows a simplified example of a heterogeneous network 10 providing communications between two endpoint networks 12-1 and 12-2. Within each endpoint network 12 is a respective edge device 14 (14-1 and 14-2) which is typically a switch or router providing ingress and/or egress routing of communications to/from the respective endpoint network 12. The heterogeneous network 10 includes a plurality of provider networks 16 (16-1, 16-2 and 16-3), which are also referred to herein as “sub-networks”. The provider networks 16 are operated independently, such as by different communications carriers. For example, the provider networks 16-1, 16-2 and 16-3 might be operated by separate carriers such as AT&T, Sprint and MCI respectively.
  • Each provider network 16 includes a plurality of switches or routers 18 (18-11, 18-12 and 18-21 though 18-24 ), which may be IP routers or optical or time-division-multiplex (TDM) switches. Such devices are referred to generally herein as “routers”. The routers 18 are responsible for establishing and maintaining communications paths for the transfer of data among endpoint devices such as the edge devices 14 of the endpoint networks 12. In one embodiment, the routers 18 are so-called “label switched routers” (LSRs) that utilize a switching technology referred to as Multi-Protocol Label Switching (MPLS) or Generalized Multi-Protocol Label Switching (GMPLS). In accordance with MPLS techniques, communications paths known as “traffic engineering label-switched paths” (TE LSPs) are established through the provider networks 16 as respective sets of entries in forwarding tables maintained in the routers 18. Each router 18 uses a label contained within each received communications message to retrieve a corresponding entry from its forwarding table that indicates which port of the router the message should be forwarded on. Each entry generally also includes another label that is used in the outgoing message in place of the label received with the incoming message. The functions of consulting the local forwarding table and forwarding the message accordingly are repeated at each router 18 to realize each communications path that has been established.
  • The TE LSPs used in the heterogeneous network 10 of FIG. 1 are established in part through a control protocol such as Resource Reservation Protocol with Traffic Extensions (RSVP-TE). Among other things, RSVP-TE includes mechanisms for establishing and tearing down end-to-end communications paths. An endpoint such as an edge device 14 initiates the establishment of an end-to-end communications paths using known RSVP-TE signaling techniques. RSVP-TE signaling generally propagates hop-by-hop among routers 18 in the direction of the destination endpoint. For example, in the simplified example of FIG. 1, the initial RSVP-TE signaling for establishing a communications path between the edge devices 14-1 and 14-2 may be initiated by edge device 14-1 and proceed to routers 18-11, 18-12, 18-21, 18-22 and 18-24 sequentially before reaching edge device 14-2. In such a case, RSVP-TE acknowledgments and response messages flow backwards along the same path to the edge device 14-1.
  • Although in the present description RSVP-TE is utilized as the signaling protocol, it is to be understood that RSVP-TE is provided as an illustrative example only and that in alternative embodiments other communication protocols may be used for the functions described herein, including the signaling of network failures as described below.
  • FIG. 1 illustrates an operating condition in which a failure 20 has developed along a communications path 22 previously established between the edge devices 14. The failure 20 may be any of a variety of failure types that prevent normal communications between the routers 18-22 and 18-24. Common failures include failure of a hardware interface device on one of the routers 18-22 or 18-24 and failure of the inter-router communications link such as occurs when a cable is severed or accidentally disconnected.
  • It is assumed that routers 18 adjacent to the failure 20 detect the presence of the failure 20 and take actions to notify other devices in the network so that (1) any communications paths that are affected by the failure 20 can be re-routed if possible to restore communications, and (2) new communications paths avoid the failure 20. Many network routing protocols already provide for failure location information to be “flooded” so as to become known by all routing devices in the network for these purposes. Unfortunately, normal flooding mechanisms may be too slow. The requests for new paths may be re-tried several times while the information about the failure 20 is flooded throughout the network. If this mechanism is the only one relied upon for restoring communications, customers' communications may experience unacceptably long downtime.
  • In addition to the aforementioned flooding of failure location information, a router 18 may initiate the tearing down of a communications path along which a failure such as failure 20 has occurred. In the example of FIG. 1, such a tearing down might be initiated, for example, by routers 18-22 and 18-24 which are adjacent to the failure 20. As part of the tearing down operation, the router 18-22 may create an RSVP-TE Path Error message and return it along the communications path 22 to the path originator (i.e., edge device 14-1 in the illustrated example). The RVSP Path Error message includes a set of data referred to as an ErrorSpec object that includes various information concerning the failure 20, such as the nature of the failure 20 and its location. The location may be specified, for example, by the network address of the router 18-22 and an identifier of the specific port on the router 18-22 connected to the communications link containing the failure 20. The purpose of the Path Error message is to quickly notify the path originator that a previously established MPLS communications path is no longer available. The path originator then has the opportunity to attempt to establish a new communications path so as to minimize the duration of the outage from the customer's perspective. Because of the directness of this signaling of failure information, recovery from the failure can usually be achieved more quickly than when the above-described flooding mechanism is relied upon.
  • FIG. 1 shows all the routers 18 along the communications path 22 between the edge devices 14. In general, RSVP-TE operation reflects the same level of detail, i.e., each router 18 along a communications path may be informed via an RSVP-TE Path Error message of the precise location of a failure elsewhere in the network, even if it resides within a sub-network 16 operated by a different carrier. However, this relatively open aspect of RSVP-TE is inconsistent with the desire of communications carriers to avoid revealing the structure of their respective provider networks 16 to competitors or other untrusted entities. For example, the carrier operating provider network 16-2 may not wish to reveal the existence and connectivity of the router 18-22 that is adjacent to the failure 20. Thus, it is common for carriers in heterogeneous networks such as the network 10 to limit the information that is permitted to leave their respective sub-networks. For example, for RSVP-TE Path Error messages propagating from the provider network 16-2 to the provider network 16-1, the ErrorSpec object may identify a port of the egress router 18-21 as the failure location. This indication is accurate in a very general way—the failure 20 is in fact located at a point on the communications path 22 that is reached via the router 18-21. However, such an indication hides the internal details of the provider network 16-2 from the router 18-12 (of provider network 16-1) and other devices outside the provider network 16-2.
  • FIG. 2 illustrates a view of the heterogeneous network 10 when the internal details of the sub-networks 16 are omitted. Dotted lines are used to indicate connections that are apparent at this level. This view of the network is that which results from the above-described limitation on information transfer across the provider networks 16. As an originator of communications paths, the edge device 14-1 sees only respective edge devices of the various provider networks 16-1, 16-2 and 16-3 (e.g., routers 18-11 and 18-21 as shown). With respect to the failure 20, the edge device 14-1 knows only that it lies on the far side of router 18-21, somewhere between that router and the edge device 14-2. In some cases, visibility of routers located at domain exits may also be provided.
  • The limited network view depicted in FIG. 2 can cause significant operational problems. To begin with, any error logging performed by the edge device 14-1 will lack important detail about the locations of failures in the network, rendering the logs much less useful for later use in diagnosing network problems. When a provider network 16 has only one point of ingress, such as for provider network 16-2, the path-originating edge device 14-1 may opt to completely bypass that provider network on a subsequent attempt to establish a new communications path. For example, the edge device 14-1 may opt to route the new path through the sub-network 16-3. Such an approach would be logical if the failure 20 actually occurred immediately adjacent to the router 18-21, as is indicated by the Path Error message. However, when the failure has actually occurred more deeply within the provider network such that an alternative communications path may exist within the provider network (as is the case for provider network 16-2 in FIG. 1), it would be more desirable that the new communications path be routed within that same provider network along the alternative path. From the perspective of the operator of the provider network having the failure, it avoids losing customer revenue. Additionally, in some cases such an alternative path may be either the only alternative path or the most economical path, and if it is not utilized then the edge device 14-1 may either select a less economical path or incorrectly conclude that the destination edge device 14-2 has become unreachable. These are all undesirable operating scenarios.
  • FIG. 3 illustrates a process carried out in the heterogeneous network 10 by which a new communications path is established between the two devices in response to the failure of an original communications path. This process can be executed, for example, in the heterogeneous network 10 of FIG. 1 in response to the failure 20 along the communications path 22 between the edge devices 14. Overall, this process involves signaling the failure to the originating edge device (e.g. edge device 14-1) in a way that prevents devices outside the provider network 16-2 from obtaining information about the location of the failure 20 within the provider network 16-2. The failure information is utilized in connection with a subsequent new path setup operation by which a replacement communications path may be routed through the same provider network 16-2 if desired, while avoiding the location of the failure 20. In FIG. 3, the originating device is referred to as the “external device” because it resides outside the sub-network (e.g. provider network 16-2) in which the failure is detected.
  • In step 24, the occurrence of the failure is signaled to the external device. This signaling might be initiated, for example, by a router adjacent to the failure such as the router 18-22 in FIG. 1. The signaling message includes an encoded identifier of the failure location. The encoded identifier enables the failure location to be identified within the sub-network where the failure occurred (e.g., within provider network 16-2) but masks the identity of the failure location to the external device. Examples of such encoded identifiers include encrypted data objects and “tokens” as described in more detail below.
  • In step 26, the external device that receives the failure signaling (e.g. edge device 14-1) issues a new path-establishment message for a new communications path. The path-establishment message indicates that the new communications path should exclude the failure location, as identified by the encoded identifier which is included with the path-establishment message. Mechanisms for providing such indications in the context of RSVP-TE in particular are described below. This path-establishment message can be sent into the sub-network containing the failure on the possibility that an alternative path through the sub-network can be created.
  • In step 28, a device within the sub-network containing the failure responds to the path-establishment message by determining whether a path segment through the sub-network can be provided that excludes the failure location as identified by the encoded identifier in the path-establishment message. In one embodiment, this step includes decrypting the encrypted identifier of the failure location, and then performing normal path-computation operations with the constraint of excluding the identified failure location. This operation may be carried out, for example, by an edge router such as the router 18-21. The remainder of the normal path setup process then ensues with respect to the new communications path.
  • In an RSVP-TE environment, the messaging of steps 24 and 26 can be carried out using Path Error and Path Setup messages. FIG. 4 shows the flow of the RSVP-TE messages, with the Path Error messages 30 indicated by white arrows and the Path Setup messages 32 being indicated by dark arrows. As shown, the Path Error messages 30 originate at router 18-22 and proceed toward the edge device 14-1. The Path Setup messages 32 originate at the edge device 14-1 and proceed to the other edge device 14-2, passing through routers 18-21, 18-23 and 18-24 and bypassing router 18-22 (and failure 20) in provider network 16-2.
  • As mentioned above, the signaling of the fault location 20 can be accomplished using an RSVP-TE Path Error message. Per the RSVP-TE specification, each Path Error message may include an ErrorSpec object that is used to provide information about the location of the failure. However, in a heterogeneous network such as network 10, the ErrorSpec object will normally be used to hold the address of the edge router of the sub-network where the failure occurred (e.g. router 18-21) as described above. Thus, an extension is proposed for RSVP-TE by which the Path Error message includes a “private error location” sub-object that includes the encoded identifier of the actual failure location within the sub-network.
  • FIG. 5 illustrates an RSVP-TE Path Error message 30 with the proposed extension. The message is identified with a Path Error message type 34. The message may contain one or more objects 36 that provide information about the failure. Included among these objects 36 is the above-referenced ErrorSpec object 38. A Private Error Location sub-object 40 is included as part of the ErrorSpec object 38. The Private Error Location sub-object 40 contains an encoded identifier of the failure location 20, such as by node address or path segment identifier. The encoding is done in a manner known within the provider network 16-2 but generally not known outside the provider network 16-2. For example, the failure location information may be encrypted using any of a variety of known encryption techniques, including for example the Advanced Encryption Standard (AES) and Data Encryption Standard (DES), both promulgated by the National Institute of Standards and Technology. Only devices within the provider network 16-2 are configured with keys that are suitable for decrypting the encrypted information. The encrypted Private Error Location sub-object 40 does not reveal any details of the structure of the provider network 16-2 when passed outside the provider network 16-2 as part of a Path Error message. It is only when the sub-object 40 is sent back into the provider network 16-2 as part of a subsequent Path Setup message that the encrypted information can be recovered and utilized.
  • FIG. 6 illustrates an RSVP-TE Path Setup message 32 with a proposed extension to enable the system to make use of the private error location information returned as part of a Path Error message 30. The message is identified with a Path Setup message type 42. The message may contain one or more objects 44 including an ExcludeRoute object 46. A Private Exclude Location sub-object 48 is included as part of the ExcludeRoute object 38. The Private Exclude Location sub-object 48 contains the same encoded identifier of the failure location 20 that was provided to the path originator (e.g. edge device 14-1) in a preceding Path Error message 30, such as described above. As also described above, this encoded identifier can be decoded and used by routers 18 within the provider network 16-2 in making path computations for the new path to be established. In particular, the failure location identified in the ExcludeRoute object 46 is used to constrain the path computation to those path segments within the provider network 16-2 (if any) that do not include the failure location 20. When encryption has been used to generate the Private Error Location sub-object 40, the ExcludeRoute object 46 is decrypted using the appropriate decryption key.
  • FIG. 7 illustrates an alternative approach to encoding the error information identifying the failure location 20. The edge router 18-21 creates an error information data object (ERROR INFO) 50 using the information from the internal Path Error message (e.g., from the router 18-22). This information is stored in association with a token 52 that serves as an arbitrary identifier of the error information data object 50. The token 52 may be generated in any of a variety of ways, including random generation, selection from a pool, or a hashing/message-digest approach. The token 52 is then included in the Private Error Location sub-object 40 of the Path Error message sent by the router 18-21 outside the provide network 16-2.
  • When the originating device (e.g. router 14-1) generates a new Path Setup message, it includes the token 52 in the Private Exclude Object 48. A router 18 within the provider network 16-2 that receives the Path Setup message (e.g. router 18-21) uses the token from the Private Exclude Object 48 to look up the locally stored error information data object 50, and then uses the failure location information in that object in its path computations for the newly requested path.
  • It will be appreciated that the Path Setup message for the new communications path may not be received at the same edge router 18 that emitted the Path Error message from the provider network 16-2. When the above-described encryption method issued, this situation is automatically handled correctly as long as the decryption key has been distributed to all routers 18 that might receive the Path Setup message. When the token approach of FIG. 7 is utilized, it is necessary to provide the error information data object 50 and the token 52 to any router 18 that can or actually does receive the Path Setup message. The data may be distributed by a flooding/broadcast process initiated by the router (e.g. router 18-21) that has created the information. As an alternative, a request/response protocol may be employed such that any router 18 within the provider network 16-2 can request the data (i.e., error information data object 50 and token 52) from another router, such as router 18-21. Using this approach, a router 18 receiving the Path Setup message with an accompanying token 52 issues a request for the associated error information data object 50. Upon receiving a response to this request, the requesting router 18 can perform its path computations in a known manner.
  • FIG. 8 illustrates a heterogeneous network 10′ in which a third-party network manager 54 is utilized in providing network services to the endpoint networks 12. In this configuration, the third-party network manager 54 may be trusted by the respective carriers owning/operating the provider networks 16. However, if the standard network-network interface is used, each edge router 18 (e.g. edge router 18-21) will still replace any detailed failure location information in the ErrorSpec object with its own address information, leaving the third-party network manager 54 with insufficient information to make the best choices for creating new communications paths. To enable the third-party network manager 54 to obtain such information, the third-party network manager 54 can be provided with the information necessary to decode the encoded failure location information in the Path Error messages. For example, the third-party network manager 54 can be provided with a decryption key when the encrypted Private Error Location sub-object 40 is utilized. In an embodiment utilizing the token approach of FIG. 7, the error information data object 50 and token 52 are sent to the third-party network manager 54, either unsolicited or on request as described above with respect to FIG. 7.
  • In the above description, the signaling for communications path failures and for new communications paths to be established is described as following generally the same paths as the communications paths themselves, which can be typical in an RSVP-TE environment for example. However, in alternative embodiments the signaling may travel different paths or may travel through an entirely separate network that may be dedicated to signaling. In such alternative embodiments, any signaling entities can be seen as extensions of and included within their respective sub-networks for purposes of the presently disclosed techniques. Thus, a signaling entity that operates on behalf of provider network 16-2, for example, will generally have access to the same information and perform the same signaling functions as described above for router 18-21, i.e., generating either an encrypted Private Error Location sub-object 40 or token 52, decrypting an encrypted Private Exclude Error sub-object 48, etc.
  • The techniques described herein can be used in a hierarchical or nested manner. For example, provider network 16-2 of FIG. 4 might use another provider network between routers 18-22 and 18-24. When a failure occurs in such a network, the network can use the disclosed techniques to provide an error location as an encrypted Private Error Location sub-object. Then, network 16-2 can wrap that object within its own Private Error Location sub-object and forward it backward along the LSP as described above. These sub-objects are both returned in a subsequent Path Setup message, and each is recovered by the respective network. The token technique may be utilized in a similar way.
  • While this invention has been particularly shown and described with references to preferred embodiments thereof, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (20)

1. A method of establishing a new communications path between two end devices in a computer network in response to failure of a previously established communications path between the two end devices, the failure occurring in a sub-network at a failure location whose identity is not to be revealed to an external device outside the sub-network responsible for maintaining communications between the two end devices, the method comprising:
signaling to the external device that the failure has occurred, the signaling including an encoded identifier of the failure location, the encoded identifier enabling identification of the failure location within the sub-network while masking the identity of the failure location to the external device;
at the external device, issuing a path-establishment message for the new communications path, the path-establishment message indicating that the new communications path should exclude the failure location as identified by the encoded identifier; and
within the sub-network, responding to the path-establishment message by determining whether a path segment for the new communications path can be provided through the sub-network excluding the failure location as identified by the encoded identifier from the path-establishment message.
2. A method according to claim 1, wherein the external device is an edge device in an endpoint network in which the previously established communications path and the new communications path terminate.
3. A method according to claim 1, wherein signaling the occurrence of the failure comprises sending a path error message to the external device from a device adjacent the failure location.
4. A method according to claim 1, wherein the encoded identifier comprises a data object encrypted according to an encryption technique, the encryption technique employing a decryption key that is provided to devices within the sub-network but not to the external device, the encrypted data object accompanying the path-establishment message, and wherein responding to the path-establishment message within the sub-network comprises decrypting the encrypted data object from the path-establishment message.
5. A method according to claim 4, wherein the decrypting of the encrypted data object is carried out by an ingress edge device in the sub-network.
6. A method according to claim 1, wherein the encoded identifier comprises a token associated with an error information data object stored within the sub-network, the token accompanying the path-establishment message, and wherein responding to the path-establishment message within the sub-network comprises retrieving the stored error information data object based on the token from the path-establishment message.
7. A method according to claim 6, wherein the error information data object is provided to devices in the sub-network in an unsolicited manner for potential use in responding to the path-establishment message.
8. A method according to claim 6, wherein the error information data object is provided to a device in the sub-network in response to a request generated by the device upon receiving the path-establishment message.
9. A method according to claim 1, wherein the sub-network is a first sub-network nested within a second sub-network, and wherein signaling the occurrence of the failure comprises wrapping the encoded identifier within an error sub-object of the second sub-network, and further comprising recovering the error sub-object from the path-establishment message in the second sub-network to provide the encoded identifier to the first sub-network.
10. A heterogeneous network, comprising:
a sub-network through which a previously established communications path for two end devices extends; and
an external device outside the sub-network responsible for maintaining communications between the two end devices;
the sub-network including a first network device operative to signal to the external device that a failure has occurred within the sub-network, the failure occurring in the sub-network at a failure location whose identity is not to be revealed to the external device, the signaling including an encoded identifier of the failure location, the encoded identifier enabling identification of the failure location within the sub-network while masking the identity of the failure location to the external device;
the external device being operative in response to the signaling of the failure to issue a path-establishment message for a new communications path between the two end devices, the path-establishment message indicating that the new communications path should exclude the failure location as identified by the encoded identifier; and
the sub-network including a second network device operative to respond to the path-establishment message by determining whether a path segment for the new communications path can be provided through the sub-network excluding the failure location as identified by the encoded identifier from the path-establishment message.
11. A heterogeneous network according to claim 10, wherein the external device is an edge device in an endpoint network in which the previously established communications path and the new communications path terminate.
12. A heterogeneous network according to claim 10, wherein the first network device is adjacent to the failure location and is operative when signaling the occurrence of the failure to send a path error message to the external device.
13. A heterogeneous network according to claim 10, wherein the encoded identifier comprises a data object encrypted according to an encryption technique, the encryption technique employing a decryption key that is provided to devices within the sub-network but not to the external device, the encrypted data object accompanying the path-establishment message, and wherein the second network device is operative when responding to the path-establishment message to decrypt the encrypted data object from the path-establishment message.
14. A heterogeneous network according to claim 13, wherein the second network device is an ingress edge device in the sub-network.
15. A heterogeneous network according to claim 10, wherein the encoded identifier comprises a token associated with an error information data object stored within the sub-network, the token accompanying the path-establishment message, and wherein the second network device is operative when responding to the path-establishment message to retrieve the stored error information data object based on the token from the path-establishment message.
16. A heterogeneous network according to claim 15, wherein the error information data object is provided to the second network device in an unsolicited manner for potential use in responding to the path-establishment message.
17. A heterogeneous network according to claim 15, wherein the error information data object is provided to the second network device in response to a request generated by the second network device upon receiving the path-establishment message.
18. A heterogeneous network according to claim 10, wherein the sub-network is a first sub-network nested within a second sub-network, the second sub-network being operative to wrap the encoded identifier within an error sub-object provided to the external device, the second sub-network being further operative to recover the error sub-object from the path-establishment message and provide the encoded identifier to the first sub-network.
19. A network device for use in a heterogeneous network including a sub-network, the sub-network being operative to provide a path segment of a previously established communications path for two end devices extends, the sub-network being operative to signal to the network device that a failure has occurred within the sub-network, the failure occurring in the sub-network at a failure location whose identity is not to be revealed to the network device, the network device being responsible for maintaining communications between the two end devices and being configured to:
receive the failure signaling from the sub-network, the failure signaling including an encoded identifier of the failure location, the encoded identifier enabling identification of the failure location within the sub-network while masking the identity of the failure location to the network device; and
issue a path-establishment message for a new communications path between the two end devices, the path-establishment message including the encoded identifier from the failure signaling and indicating that the new communications path should exclude the failure location as identified by the encoded identifier.
20. A network device for use in a sub-network of a heterogeneous network, the sub-network providing a path segment of a previously established communications path for two end devices, the network device being configured to:
signal to an external device outside the sub-network that a failure has occurred within the sub-network, the failure occurring in the sub-network at a failure location whose identity is not to be revealed to the external device, the signaling including an encoded identifier of the failure location, the encoded identifier enabling identification of the failure location within the sub-network while masking the identity of the failure location to the external device; and
in response to a path-establishment message from the external device indicating that a new communications path should exclude the failure location as identified by the encoded identifier, determining whether a path segment for the new communications path can be provided through the sub-network excluding the failure location as identified by the encoded identifier from the path-establishment message.
US11/146,520 2005-06-07 2005-06-07 Methods and apparatus for error recovery in opaque networks using encrypted error locations Abandoned US20060274645A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
US11/146,520 US20060274645A1 (en) 2005-06-07 2005-06-07 Methods and apparatus for error recovery in opaque networks using encrypted error locations
PCT/US2006/022130 WO2006133301A2 (en) 2005-06-07 2006-06-07 Methods and apparatus for error recovery in opaque networks using encrypted error locations
EP06784637.8A EP1889403B1 (en) 2005-06-07 2006-06-07 Methods and apparatus for error recovery in opaque networks using encrypted error locations

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US11/146,520 US20060274645A1 (en) 2005-06-07 2005-06-07 Methods and apparatus for error recovery in opaque networks using encrypted error locations

Publications (1)

Publication Number Publication Date
US20060274645A1 true US20060274645A1 (en) 2006-12-07

Family

ID=37493969

Family Applications (1)

Application Number Title Priority Date Filing Date
US11/146,520 Abandoned US20060274645A1 (en) 2005-06-07 2005-06-07 Methods and apparatus for error recovery in opaque networks using encrypted error locations

Country Status (3)

Country Link
US (1) US20060274645A1 (en)
EP (1) EP1889403B1 (en)
WO (1) WO2006133301A2 (en)

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080112333A1 (en) * 2006-11-10 2008-05-15 World Wide Packets, Inc. Communicating an operational state of a transport service
US20080124074A1 (en) * 2005-06-23 2008-05-29 Yu Yang Method for handling channel failures in an automatically switched optical network
US20090067330A1 (en) * 2007-09-06 2009-03-12 Ian Michael Charles Shand Computing path information to a destination node in a data communication network
US20090237697A1 (en) * 2008-03-20 2009-09-24 Angelo Caruso Multiple processor print driver
US20110149949A1 (en) * 2009-12-18 2011-06-23 Yury Bakshi Method and apparatus for clearing hang calls
US20120207017A1 (en) * 2009-07-16 2012-08-16 Daniele Ceccarelli Recovery mechanism for point-to-multipoint traffic
CN102833108A (en) * 2012-08-30 2012-12-19 华为技术有限公司 Processing method and equipment of location information of fault point
US20130003525A1 (en) * 2008-06-17 2013-01-03 Machiko Asaie Communication node and communication system
US20130301402A1 (en) * 2010-12-15 2013-11-14 TELEFONAKTIEBOLAGET L M ERRICSSON (publ) Message passing to assure deletion of label switched path
US20140029416A1 (en) * 2010-12-15 2014-01-30 Telefonaktiebolaget L M Ericsson (Publ) Segment recovery in connection-oriented network
EP2725742A1 (en) * 2012-08-30 2014-04-30 Huawei Technologies Co., Ltd. Method and device for processing location information about fault point
CN104238508A (en) * 2014-08-29 2014-12-24 南京中电自动化有限公司 Motor protector data communication optimizing module
US10362631B2 (en) * 2017-04-03 2019-07-23 Level 3 Communications, Llc Last resource disaster routing in a telecommunications network

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040025018A1 (en) * 2002-01-23 2004-02-05 Haas Zygmunt J. Secure end-to-end communication in mobile ad hoc networks
US20050013241A1 (en) * 2003-07-18 2005-01-20 Alcatel Network restoration
US20050041675A1 (en) * 2003-06-24 2005-02-24 Docomo Communications Laboratories Usa, Inc. Location privacy for internet protocol networks using cryptographically protected prefixes
US20060098587A1 (en) * 2004-11-05 2006-05-11 Jean-Philippe Vasseur System and method for retrieving computed paths from a path computation element using encrypted objects
US20060129797A1 (en) * 2004-12-15 2006-06-15 Palo Alto Research Center, Inc. Hardware-supported secure network boot

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040025018A1 (en) * 2002-01-23 2004-02-05 Haas Zygmunt J. Secure end-to-end communication in mobile ad hoc networks
US20050041675A1 (en) * 2003-06-24 2005-02-24 Docomo Communications Laboratories Usa, Inc. Location privacy for internet protocol networks using cryptographically protected prefixes
US20050013241A1 (en) * 2003-07-18 2005-01-20 Alcatel Network restoration
US20060098587A1 (en) * 2004-11-05 2006-05-11 Jean-Philippe Vasseur System and method for retrieving computed paths from a path computation element using encrypted objects
US20060129797A1 (en) * 2004-12-15 2006-06-15 Palo Alto Research Center, Inc. Hardware-supported secure network boot

Cited By (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080124074A1 (en) * 2005-06-23 2008-05-29 Yu Yang Method for handling channel failures in an automatically switched optical network
US7773877B2 (en) * 2005-06-23 2010-08-10 Huawei Technologies Co., Ltd. Method for handling channel failures in an automatically switched optical network
US20080112333A1 (en) * 2006-11-10 2008-05-15 World Wide Packets, Inc. Communicating an operational state of a transport service
US7869376B2 (en) * 2006-11-10 2011-01-11 World Wide Packets, Inc. Communicating an operational state of a transport service
US7965642B2 (en) * 2007-09-06 2011-06-21 Cisco Technology, Inc. Computing path information to a destination node in a data communication network
US20090067330A1 (en) * 2007-09-06 2009-03-12 Ian Michael Charles Shand Computing path information to a destination node in a data communication network
US20090237697A1 (en) * 2008-03-20 2009-09-24 Angelo Caruso Multiple processor print driver
US20130003525A1 (en) * 2008-06-17 2013-01-03 Machiko Asaie Communication node and communication system
US8988989B2 (en) * 2008-06-17 2015-03-24 Hitachi, Ltd. Communication node and communication system
US20120207017A1 (en) * 2009-07-16 2012-08-16 Daniele Ceccarelli Recovery mechanism for point-to-multipoint traffic
US20110149949A1 (en) * 2009-12-18 2011-06-23 Yury Bakshi Method and apparatus for clearing hang calls
US9369361B2 (en) 2009-12-18 2016-06-14 At&T Intellectual Property I, L.P. Method and apparatus for clearing hang calls
US9231785B2 (en) * 2009-12-18 2016-01-05 At&T Intellectual Property I, L.P. Method and apparatus for clearing hang calls
US20140029416A1 (en) * 2010-12-15 2014-01-30 Telefonaktiebolaget L M Ericsson (Publ) Segment recovery in connection-oriented network
US20130301402A1 (en) * 2010-12-15 2013-11-14 TELEFONAKTIEBOLAGET L M ERRICSSON (publ) Message passing to assure deletion of label switched path
US9774492B2 (en) * 2010-12-15 2017-09-26 Telefonaktiebolaget Lm Ericsson (Publ) Message passing to assure deletion of label switched path
US10250492B2 (en) * 2010-12-15 2019-04-02 Telefonaktiebolaget Lm Ericsson (Publ) Segment recovery in connection-oriented network
EP2725742A4 (en) * 2012-08-30 2014-06-18 Huawei Tech Co Ltd Method and device for processing location information about fault point
EP2725742A1 (en) * 2012-08-30 2014-04-30 Huawei Technologies Co., Ltd. Method and device for processing location information about fault point
US9294369B2 (en) 2012-08-30 2016-03-22 Huawei Technologies Co., Ltd. Method and device for processing location information of fault point
CN102833108A (en) * 2012-08-30 2012-12-19 华为技术有限公司 Processing method and equipment of location information of fault point
CN104238508A (en) * 2014-08-29 2014-12-24 南京中电自动化有限公司 Motor protector data communication optimizing module
US10362631B2 (en) * 2017-04-03 2019-07-23 Level 3 Communications, Llc Last resource disaster routing in a telecommunications network
US10575366B2 (en) * 2017-04-03 2020-02-25 Level 3 Communications, Llc Last resource disaster routing in a telecommunications network

Also Published As

Publication number Publication date
EP1889403A2 (en) 2008-02-20
WO2006133301A2 (en) 2006-12-14
EP1889403A4 (en) 2010-12-01
WO2006133301A3 (en) 2007-11-08
EP1889403B1 (en) 2015-02-25

Similar Documents

Publication Publication Date Title
EP1889403B1 (en) Methods and apparatus for error recovery in opaque networks using encrypted error locations
Filsfils et al. Segment routing architecture
US8948001B2 (en) Service plane triggered fast reroute protection
Farrel et al. Inter-domain MPLS and GMPLS traffic engineering--resource reservation protocol-traffic engineering (RSVP-TE) extensions
Oki et al. Framework for PCE-based inter-layer MPLS and GMPLS traffic engineering
US7602702B1 (en) Fast reroute of traffic associated with a point to multi-point network tunnel
EP1973267B1 (en) A service failure restoration method and system
US20130259056A1 (en) Oam label switched path for fast reroute of protected label switched paths
US9246838B1 (en) Label switched path setup using fast reroute bypass tunnel
Takeda Framework and requirements for layer 1 virtual private networks
US11646960B2 (en) Controller provided protection paths
US10892983B2 (en) Shared risk link group robustness within and across multi-layer control planes
EP1942609B1 (en) A system and method for protecting multicast service path
Le Roux et al. Evaluation of existing GMPLS protocols against multi-layer and multi-region networks (MLN/MRN)
Aslam et al. Interdomain path computation: Challenges and solutions for label switched networks
JP4537914B2 (en) MPLS switch, NMS server device, and program
EP1959609B1 (en) A method for service management in an intelligent optical network
US7529257B1 (en) Method for supporting a GMPLS hierarchy through multiple routing instances
WO2017143958A1 (en) System, method and apparatus for implementing fast reroute (frr)
Wright Inter-area routing, path selection and traffic engineering
CN108702321B (en) System, method and apparatus for implementing fast reroute (FRR)
King et al. Applicability of the path computation element to interarea and inter-AS MPLS and GMPLS traffic engineering
Ali et al. RSVP-TE Path Diversity Using Exclude Route
Ginsberg et al. RFC 8402: Segment Routing Architecture
华为技术有限公司 RFC 8694 Applicability of the Path Computation Element to Inter-area and Inter-AS MPLS and GMPLS Traffic Engineering

Legal Events

Date Code Title Description
AS Assignment

Owner name: CISCO TECHNOLOGY, INC., CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:BRADFORD, RICHARD;VASSEUR, JEAN PHILIPPE;GUICHARD, JAMES;REEL/FRAME:016657/0326

Effective date: 20050606

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION